Secure Azure Service Bus Relays with SAS Token

This article explains how to secure Service Bus Relays using Shared Access Signature (SAS) to prevent unauthorized/Anonymous access.

Shared Access Signature

Shared Access Signatures are based on SHA-256 secure hashes or URIs. In Azure all Service Bus services provide this authentication mechanism to control access to the resource that may be a service bus relay, a service bus messaging queue or a topic. The SAS is composed of two components:

1. A Shared Access Policy.

2. A Shared Access Signature which is also called a token.

To secure and access a Service Bus Relay endpoint first we need to create a Service Bus Relay Namespace in the Azure portal. After the namespace has been created, create a new policy under Service Bus Relay namespace. We created a new Service Bus Namespace and a new policy as RelayPolicy as shown in the picture below.


Note: we will use Policy name and the Primary key to generate a SAS token or Shared Access Signature in the console application which we are going to create shortly.

Create a console application in C# to generate SAS token

Now we will create a C# script to generate a SAS token.

Create a console application in Visual Studio and name it whatever you like.

Replace the code in the Program.cs class with the following code. Note that the Primary Key and the Policy name may vary and you need to put your own Policy name and Primary Key here.

static void Main(string[] args)


var strAuthorizaitionHeader = GenerateToken(“https://”,

“RelayPolicy”, “*********************=”);


public static string GenerateToken(string resourceUri, string sasKeyName, string sasKey)


//set the token lifespan

TimeSpan sinceEpoch = DateTime.UtcNow – new DateTime(1970, 1, 1);

var expiry = Convert.ToString((int)sinceEpoch.TotalSeconds + 3600); //1hour

string stringToSign = HttpUtility.UrlEncode(resourceUri) + “\n” + expiry;

HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(sasKey));

var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));

//format the sas token

var sasToken = String.Format(CultureInfo.InvariantCulture, “SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}”,

HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, sasKeyName);

return sasToken;



We will use this token in the logic app to send HTTP request to the Relay Service endpoint.

Now Open the logic app and go to the HTTP Post action and paste the SAS token string as value for Authorization HTTP header


Configurations for BasicHttp Relay transport properties

In Biztalk BasicHttp Relay set the transport properties as following.

1. Set the Security mode to Transport.

2. Set Relay Client Authentication Type as Relay Access Token.

The following picture shows the configurations settings of BasicHttp Relay transport properties




BizTalk: Start EDI batches through SQL Script

Here is the script to start all EDI batches for a given Sender and Receiver Party. the script inserts PAM control messages in database which will trigger EDI batching Orchestration in BizTalk

DECLARE @i int = 47 --start batch Id
WHILE @i <= 80 --end batch id
exec edi_PAMBatchingLogDelete @BatchId=@i,@IgnorePendingControlMessages=0
SET @i = @i + 1

INSERT INTO [BizTalkMgmtDb].[dbo].[PAM_Control]
GetDate() as 'ActionDateTime',
0 as 'UsedOnce',
FROM [BizTalkMgmtDb].[tpm].[BatchDescription] bd
join [BizTalkMgmtDb].[tpm].Agreement a on bd.OnewayAgreementId = a.ReceiverOnewayAgreementId

Posted in Misc. Tags: , . Leave a Comment »

Could not load file or assembly ‘Microsoft.BizTalk.Interop.SSOClient, Version=7.0.2300.0

SSO Error

Unexpected exception occurred while configuring [BizTalk EDI/AS2 Runtime].


Could not load file or assembly ‘Microsoft.BizTalk.Interop.SSOClient, Version=7.0.2300.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified. (EDIAS2Config)


Install SSOClient from [BizTalkServer2013 installation media]\BT Server\Platform\SSO\Client

BizTalk EDI: Creating batching configuration in code

For outbound EDI batching, we have to create Batch Configuration in Party Configuration and set Filter Criteria about what messages should constitute one batch. But what if Filter Criteria is dynamic or we have too many batches to configure

here is code snippet to create batch configuration through API

 var builder = new SqlConnectionStringBuilder("DATA SOURCE="BTSSQLServer;Initial Catalog=BizTalkMgmtDb;
Integrated Security=SSPI;");
            using (var tmpCtx = TpmContext.Create(builder))
                var agreement = (from p in tmpCtx.Agreements where p.Name == AgreementName select p).FirstOrDefault();
                if (agreement == null)//create agreement if does not exist.
                    string Sender = ConfigurationManager.AppSettings["Sender"] ?? "SenderPartyName";
                    string Receiver = ConfigurationManager.AppSettings["Receiver"] ?? "ReceiverPartyName";
                    var OneWayAgreement = agreement.GetOnewayAgreement(Sender, Receiver); 
                    var firstBatch = OneWayAgreement.GetBatches()[0]; // first batch config is used as template
                    var newBatch = OneWayAgreement.CreateBatch(BatchName);
                    FilterPredicate predicate = firstBatch.GetFilterPredicate();
                    predicate.Groups[0].Statements[0].Value = "FilterRHS";
// this SQL insert is required to Activate the batch config
                    using (var cmd = new SqlCommand(@" INSERT INTO [dbo].[PAM_Control]
                                                                       ,[SenderPartyName], ReceiverPartyName, AgreementName)
                                                                    SELECT 0 as EDIMessageType
                                                                  ,'EdiBatchActivate' as 'ActionType'
                                                                  ,GetDate() as 'ActionDateTime'
                                                                  ,0 as 'UsedOnce' 
                                                                  ," + newBatch.Id + @" as [BatchId]
                                                                  ,'" + BatchName + @"' as [BatchName], '"+ Sender +@"', '"+
 Receiver +@"', '" + AgreementName + "'", new SqlConnection(builder.ConnectionString)))
Posted in BizTalk, C#. Tags: , . Leave a Comment »

BizTalk EDI: AK2 missing from 997 ACK


We can correlate a 997 with corresponding EDI request message by looking at AK2 segment (AK2:02 = ST02 in request), but by default BizTalk generates AK2 only for failed transactions, thus makes it difficult to correlate 997 with corresponding request in Async setup. To bring AK2 in 997, enable from Parties configuration


Posted in BizTalk. 1 Comment »

BizTalk: ‘Unspecified error’ when starting Host Instance


I was stuck with this error when starting BizTalk host instances after database connectivity was lost and resumed,


event log:

A failure occurred when executing a Windows service request.
Service request: Start
BizTalk host name: BizTalkServerApplication
Windows service name: BTSSvc$BizTalkServerApplication
Additional error information:
Error code: 0x80131604
Error source: mscorlib
Error description: Exception has been thrown by the target of an invocation.


one of possible reasons (among other is a reported issue in BizTalk – and MS provides CU for it) is a new section in BizTalk config file that is not declared in machine.config. In my case, I added a new config section to define appSettings configuration keys  – but I forgot to update machine.config first



Notes from E-Myth Revisited


The E-Myth Revisited: Why Most Small Businesses Don’t Work and What to Do About It

If your business depends on you, you don’t own a business – you have a job. (and you’re working for a lunatic)
The purpose of going into business is to get free of a job so you can create jobs for other people.

A business that "gets small again" is a business reduced to the level of its owner’s personal resistance to change – its owner’s comfort zone. (works and waits for something positive to happen)

Your business is not your life.

Your business is something apart from you, with its own rules and its own purposes. An organism that will live or die according to how well it performs its sole function : find and keep customers.
The primary purpose of your business is to serve your life (not vice-versa)

Typical owner of a small business prefers highly skilled people because he believes they make his job easier – he can simply leave the work to them.
Unfortunately then the business grows to depend on the whims and moods of its people.
If they’re in the mood, the job gets done. If they’re not, it doesn’t.
In this kind of business, "How do I motivate my people?" comes up : "How do I keep them in the mood?"
It is literally impossible to create a consistent result in a business that depends on extraordinary people.
When you intentionally build your business around the skills of ordinary people, you will be forced to ask the difficult questions about how to produce a result without the extraordinary ones.
You will be forced to find a system that leverages your ordinary people to the point where they can produce extraordinary results over and over again.

Most small businesses are started by people who are skilled at something and who enjoy doing that thing. When these people strike out on their own, they tend to continue doing the work they are skilled at, and ignore the overarching aspects of business. Without clear goals and quantification benchmarks, they soon find themselves overworked, understaffed, and eventually broke.

Every business owner needs to simultaneously be an entrepreneur, a manager and a technician. The technician is the worker-bee, the manager makes sure operations and finances run smoothly. The entrepreneur formulates the goals, and steers the business in the direction needed to reach those goals. Of these three personalities, the entrepreneur is key- -without it, the technician will work to death or bankruptcy. As the business grows, the business owner will need to draw away from the technician work and manager work and delegate this work to others.